Aztec Hit by $2.15M Exploit—Security Gaps in Old Contracts

By John Nada · Jun 18, 2026 · 3 min read

Aztec's outdated contracts hit again: a $2.15M exploit exposes security flaws in neglected infrastructure, questioning the industry's handling of legacy risks.

Aztec's obsolete infrastructure just took another $2.15 million punch. Barely a week after its first brush with cyber calamity, Aztec's deprecated smart contract was breached again, this time siphoning off 1,158 Ether (ETH), 150,000 Dai (DAI), and 0.46 renBTC (RENBTC), tallying up to roughly $2.15 million, according to Cos, co-founder of cybersecurity firm SlowMist.

This heist was no magic trick; it was a clever manipulation of a false rollup proof that duped the system into handing over assets to an attacker's wallet, SlowMist's preliminary analysis revealed. Aztec Labs, acknowledging the breach, stated that the assets were extracted from an immutable smart contract linked to a deprecated payment product. The product, discarded back in 2022, left behind no admin keys or transaction pause abilities for the team.

The timing couldn't be worse. Cointelegraph reported that this incident is independent of the $2.1 million loss from Aztec Connect’s smart contract last Sunday. Aztec Connect, a privacy-geared rollup phased out in March 2023, had its deposits shut off as the team pivoted resources to the forthcoming Aztec Network.

The old smart contracts weren't just forgotten; they became hacker bait. With $1.3 million also siphoned from decentralized exchange Raydium earlier this month, the spotlight is back on the dangers lurking in neglected infrastructure. 'Old contracts continue to be bug bounties available to any hackers,' blockful risk analysis warned in a recent social media post.

The series of breaches underscores a growing concern in the cryptocurrency world: security lapses in abandoned smart contract infrastructure. Once deprecated, these contracts often fall off the radar, leaving any lingering vulnerabilities open to attack. The Aztec case is a prime example of how outdated systems can become a treasure trove for cybercriminals, especially when no mechanisms are in place to safeguard the dormant assets.

The $2.15 million exploit of Aztec's deprecated infrastructure marks the second such incident in a matter of days, raising alarms about the broader implications for the crypto industry. According to SlowMist's post-mortem analysis, despite Aztec Connect being deprecated, hackers managed to extract over $2.1 million in the initial exploit because the immutable contract still held legacy user assets, underscoring the risks associated with maintaining such contracts.

In light of these events, cybersecurity experts, including those at SlowMist, are suggesting a proactive approach to managing these risks. They recommend an orderly migration of assets from outdated and vulnerable structures to more secure environments. This not only protects the assets but also prevents them from becoming easy targets for hackers, effectively reducing the risk of future exploits.

The recent spate of incidents, including the $1.3 million stolen from decentralized exchange Raydium, has reignited discussions within the crypto community about the need for better management of legacy systems. The vulnerabilities in these old contracts, often viewed as 'bug bounties' by cybercriminals, pose significant risks, especially as protocols absolve themselves of the responsibility to maintain them once they are deprecated.

As the industry grapples with these challenges, the broader question remains: Can the crypto world afford to leave doors open? The Aztec breaches serve as a cautionary tale for protocols that continue to hold legacy assets in outdated systems. The incidents highlight the importance of ongoing vigilance and the need for a comprehensive strategy to manage legacy risks in the ever-evolving landscape of cryptocurrency security.
